Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/mako@0.8.1
purl pkg:pypi/mako@0.8.1
Next non-vulnerable version 1.3.12
Latest non-vulnerable version 1.3.12
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-5ztu-aqpn-97ar
Aliases:
CVE-2026-44307
GHSA-2h4p-vjrc-8xpq
Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. \..\..\ secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template(), allowing reads of files outside the configured template directory. This vulnerability is fixed in 1.3.12.
1.3.12
Affected by 0 other vulnerabilities.
VCID-7157-v8k4-gbbx
Aliases:
CVE-2022-40023
GHSA-v973-fxgf-6xhp
PYSEC-2022-260
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
1.2.2
Affected by 2 other vulnerabilities.
VCID-78vq-wbe5-aygj
Aliases:
CVE-2026-41205
GHSA-v92g-xgxw-vvmm
PYSEC-2026-88
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11.
1.3.11
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T08:29:01.733102+00:00 GitLab Importer Affected by VCID-5ztu-aqpn-97ar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Mako/CVE-2026-44307.yml 38.6.0
2026-06-06T08:09:52.499372+00:00 GitLab Importer Affected by VCID-78vq-wbe5-aygj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Mako/GHSA-v92g-xgxw-vvmm.yml 38.6.0
2026-06-06T08:05:44.245740+00:00 GitLab Importer Affected by VCID-78vq-wbe5-aygj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Mako/CVE-2026-41205.yml 38.6.0
2026-06-06T02:57:24.262506+00:00 GitLab Importer Affected by VCID-7157-v8k4-gbbx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Mako/CVE-2022-40023.yml 38.6.0
2026-06-05T17:05:22.015486+00:00 PyPI Importer Affected by VCID-78vq-wbe5-aygj https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-06-05T17:02:09.826532+00:00 PyPI Importer Affected by VCID-7157-v8k4-gbbx https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-06-04T18:56:34.347614+00:00 GHSA Importer Affected by VCID-7157-v8k4-gbbx https://github.com/advisories/GHSA-v973-fxgf-6xhp 38.6.0
2026-06-02T04:24:53.637609+00:00 Pypa Importer Affected by VCID-78vq-wbe5-aygj https://github.com/pypa/advisory-database/blob/main/vulns/mako/PYSEC-2026-88.yaml 38.6.0
2026-06-02T04:17:39.652002+00:00 Pypa Importer Affected by VCID-7157-v8k4-gbbx https://github.com/pypa/advisory-database/blob/main/vulns/mako/PYSEC-2022-260.yaml 38.6.0